Overview
Explore the legal challenges faced by security researchers in this 50-minute Black Hat conference talk. Delve into the potential legal risks and consequences of conducting security research, including lawsuits and prosecutions. Examine high-profile cases involving researchers and activists, and learn how even major companies like Google can face legal troubles for security-related activities. Gain insights from two experienced digital rights lawyers and a security firm strategist as they discuss the fine line between computer crime and legitimate research. Understand key laws such as the Wiretap Act, Digital Millennium Copyright Act, and Computer Fraud and Abuse Act. Participate in a game show format to analyze legally risky research scenarios and consider potential legislative solutions to protect security researchers. Discover strategies for navigating the complex legal landscape while conducting essential security work.
Syllabus
Introductions
The Plan
The CFAA
Penalties
Civil Statute
DMCA
DMCA Penalties
Electronic Communications Privacy Act
Wiretap Act
Google v Joffe
Key Exceptions
Google vs Gmail
Pen Register Statute
Stored Communications Act
Lets Play Again
Brute Force
Who Hack Back
Search Warrant Application
Googles Policy
Taught by
Black Hat